Fill the SAM_ACCOUNT with default values.
***********************************************************/
-static void pdb_fill_default_sam(SAM_ACCOUNT *user)
+void pdb_fill_default_sam(SAM_ACCOUNT *user)
{
ZERO_STRUCT(user->private); /* Don't touch the talloc context */
/* set Domain Users by default ! */
sid_copy(&g_sid, get_global_sam_sid());
- sid_append_rid(&g_sid, DOMAIN_GROUP_RID_USERS);
+ sid_append_rid(&g_sid, DOMAIN_GROUP_RID_USERS);
pdb_set_group_sid(*new_sam_acct, &g_sid, PDB_SET);
}
return NT_STATUS_OK;
GROUP_MAP map;
if (!sid_peek_check_rid(get_global_sam_sid(), sid, &rid)){
- DEBUG(0,("local_sid_to_gid: sid_peek_check_rid return False! SID: %s\n",
+ DEBUG(0,("local_lookup_sid: sid_peek_check_rid return False! SID: %s\n",
sid_string_static(&map.sid)));
return False;
}
Lookup a name in the SAM database
******************************************************************/
-static NTSTATUS guestsam_getsampwnam (struct pdb_methods *methods, SAM_ACCOUNT *user, const char *sname)
+static NTSTATUS guestsam_getsampwnam (struct pdb_methods *methods, SAM_ACCOUNT *sam_account, const char *sname)
{
NTSTATUS nt_status;
- struct passwd *pass;
const char *guest_account = lp_guestaccount();
+
+ if (!sam_account || !sname) {
+ DEBUG(0,("invalid name specified"));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
if (!(guest_account && *guest_account)) {
DEBUG(1, ("NULL guest account!?!?\n"));
return NT_STATUS_UNSUCCESSFUL;
DEBUG(0,("invalid methods\n"));
return NT_STATUS_UNSUCCESSFUL;
}
- if (!sname) {
- DEBUG(0,("invalid name specified"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
if (!strequal(guest_account, sname)) {
return NT_STATUS_NO_SUCH_USER;
}
- pass = getpwnam_alloc(guest_account);
-
- nt_status = pdb_fill_sam_pw(user, pass);
+ pdb_fill_default_sam(sam_account);
+
+ if (!pdb_set_username(sam_account, guest_account, PDB_SET))
+ return NT_STATUS_UNSUCCESSFUL;
+
+ if (!pdb_set_fullname(sam_account, guest_account, PDB_SET))
+ return NT_STATUS_UNSUCCESSFUL;
+
+ if (!pdb_set_domain(sam_account, lp_workgroup(), PDB_DEFAULT))
+ return NT_STATUS_UNSUCCESSFUL;
+
+ if (!pdb_set_acct_ctrl(sam_account, ACB_NORMAL, PDB_DEFAULT))
+ return NT_STATUS_UNSUCCESSFUL;
+
+ if (!pdb_set_user_sid_from_rid(sam_account, DOMAIN_USER_RID_GUEST, PDB_DEFAULT))
+ return NT_STATUS_UNSUCCESSFUL;
+
+ if (!pdb_set_group_sid_from_rid(sam_account, DOMAIN_GROUP_RID_GUESTS, PDB_DEFAULT))
+ return NT_STATUS_UNSUCCESSFUL;
- passwd_free(&pass);
- return nt_status;
+ return NT_STATUS_OK;
}
**************************************************************************/
static NTSTATUS guestsam_getsampwrid (struct pdb_methods *methods,
- SAM_ACCOUNT *user, uint32 rid)
+ SAM_ACCOUNT *sam_account, uint32 rid)
{
- NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
- struct passwd *pass = NULL;
- const char *guest_account = lp_guestaccount();
- if (!(guest_account && *guest_account)) {
- DEBUG(1, ("NULL guest account!?!?\n"));
- return nt_status;
- }
-
- if (!methods) {
- DEBUG(0,("invalid methods\n"));
- return nt_status;
- }
-
- if (rid == DOMAIN_USER_RID_GUEST) {
- pass = getpwnam_alloc(guest_account);
- if (!pass) {
- DEBUG(1, ("guest account %s does not seem to exist...\n", guest_account));
- return NT_STATUS_NO_SUCH_USER;
- }
- } else {
+ if (rid != DOMAIN_USER_RID_GUEST) {
return NT_STATUS_NO_SUCH_USER;
}
- nt_status = pdb_fill_sam_pw(user, pass);
- passwd_free(&pass);
+ if (!sam_account) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
- return nt_status;
+ return guestsam_getsampwnam (methods, sam_account, lp_guestaccount());
}
static NTSTATUS guestsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT * user, const DOM_SID *sid)
uint32 rid;
if (!sid_peek_check_rid(get_global_sam_sid(), sid, &rid))
return NT_STATUS_NO_SUCH_USER;
+
return guestsam_getsampwrid(my_methods, user, rid);
}
return ret;
}
+
+/* Initialize idmap withWellknown SIDs like Guest, that are necessary
+ * to make samba run properly */
+BOOL idmap_init_wellknown_sids(void)
+{
+ const char *guest_account = lp_guestaccount();
+ struct passwd *pass;
+ DOM_SID sid;
+ unid_t id;
+ int flags;
+
+ if (!(guest_account && *guest_account)) {
+ DEBUG(1, ("NULL guest account!?!?\n"));
+ return False;
+ }
+
+ pass = getpwnam_alloc(guest_account);
+ if (!pass) {
+ return False;
+ }
+
+ flags = ID_USERID;
+ id.uid = pass->pw_uid;
+ sid_copy(&sid, get_global_sam_sid());
+ sid_append_rid(&sid, DOMAIN_USER_RID_GUEST);
+ if (NT_STATUS_IS_ERR(idmap_set_mapping(&sid, id, flags))) {
+ passwd_free(&pass);
+ return False;
+ }
+
+ /* check if DOMAIN_GROUP_RID_GUESTS SID is set, if not store the
+ * guest account gid as mapping */
+ flags = ID_GROUPID | ID_NOMAP;
+ sid_copy(&sid, get_global_sam_sid());
+ sid_append_rid(&sid, DOMAIN_GROUP_RID_GUESTS);
+ if (NT_STATUS_IS_ERR(idmap_get_id_from_sid(&id, &flags, &sid))) {
+ flags = ID_GROUPID;
+ id.gid = pass->pw_gid;
+ if (NT_STATUS_IS_ERR(idmap_set_mapping(&sid, id, flags))) {
+ passwd_free(&pass);
+ return False;
+ }
+ }
+
+ return True;
+}